216.73.217.86

Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware

· Published 22/05/2024 07:39 · Modified 22/05/2024 07:54

Export JSON

Essential information

Published
22/05/2024 07:39
Modified
22/05/2024 07:54
Tags
2024-05-22 cloud cloud#reverser phishing powershell vbscript
Related entities
16 observables, 10 techniques (mitre), 1 malware

Description

Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed , that leverages popular storage services like Google Drive and Dropbox for malware delivery, command execution, and data exfiltration. The infection chain starts with a email containing a malicious zip attachment disguised as a Microsoft Office document. The malware employs various obfuscation techniques, including and stages, to establish persistence, communicate with attacker-controlled servers, and dynamically fetch additional payloads. The threat actors utilize platforms as conduits for executing commands and exfiltrating sensitive data while blending into normal network traffic.

External references